IT GOVERNANCE

Time allowed- 3:30 hours

Total marks- 100
[N.B. - The figures in the margin indicate full marks. Questions must be answered in English. Examiner will take account of the
quality of language and of the manner in which the answers are presented. Different parts, if any, of the same question must
be answered in one place in order of sequence.]
Marks
1. a) The National ICT Policy, 2009 enumerates a number of action items under the strategic theme, “Ensure
reliable and cost-effective power”, in relation to the objective, “Supports to ICTs”. Put forth these
action items. 5
b) Organizations today are furiously mining big data, looking for ways to benefit from this technology. There
are many big data success stories. But there’s a dark side to big data related to privacy. Discuss in brief the
issues related to this. Elucidate the ethical dilemma between the two sets of interests at work. 5
2. a) Define business analytics (BA). What are the areas it focuses on? How does it differ from business
intelligence in this respect? 3
b) What are the knowledge areas cognitive science is based on? Elucidate. What are the applications in
the cognitive science area? Describe in brief. 6
c) Describe clearly how transparency is maintained in blockchains. 4
d) What are the four subsegments of crowdfunding portals on the basis of the kind of consideration given
to investors for their investments? Describe the salient aspects of each. 7
3. a) Elucidate the role carried out by the FAIR IT governance framework? 2
b) From the perspective of economics of information, describe how information technology can help firms
lower the transaction costs. 5
c) The Porter model is very helpful for identifying competitive forces and suggesting generic strategies, but
it is not very specific about what exactly to do. And it does not provide a methodology to follow for
achieving competitive advantages. When the goal is to achieve operational excellence, how can one
determine where to start? Which model is helpful in the perspective? Elaborate. 3
d) From the perspective of the scenario in Question (c), describe the primary activities and support activities.
What are questions one can ask at the entities of the said model? What will be the effects of these questions? 5
4. a) Mr X is in a public place that has free WiFi Internet access. Is it safe for him to connect his device to
the WiFi? Justify. 4
b) Define zero-day attack. Was the “WannaCry Ransomware Attack” a zero-day attack and why? Who was
responsible for the success of this attack? What should one do to prevent this type of attack? 4
c) Company X faced a cyber attack and suffered a huge loss. They performed computer forensics for the
investigation. What is computer forensics? What are the problems computer forensics deals with? Why
risk assessment and disaster recovery planning are necessary for company X? 6
d) Suppose you always find your college campus network speed very slow as your fellow students are using
the network to download bulk files. What technology solves this problem? Briefly explain the technology. 2
e) There are some common hacking tactics to assault companies through the internet and other networks.
Some of them are sniffer, spoofing, logic bombs, and social engineering. Explain briefly each of these
mentioned tactics. 4
5. a) Why is conducting an organizational analysis considered a crucial first step in systems analysis? How does
it relate to improving information systems? What are the possible consequences of attempting to improve
an information system without sufficient knowledge? Discuss in detail with an example. 4
b) What is the traditional role of a business end user in the systems development cycle? How does the
concept of end-user development differ from traditional systems development, and what roles do
Information System professionals and end users play in this approach? 5
c) Define the parallel conversion strategy in systems implementation. Elaborate the difference from other
approaches and key application characteristics. Comment on the advantages and disadvantages
associated. Describe the conditions in which parallel conversion is considered a viable choice, and
when might it not be suitable. 6
6. a) What are the steps an IS auditor should perform to determine an organization’s level of compliance
with external requirements? 4
b) Show the summary of the risk management process using a diagram. 5
c) Write down the principles of COBIT 5. 3
d) Discuss the difference between compliance testing and substantive testing. 4
e) Enumerate the functions of the preventive internal control. 4
---The End---